LAST LOGON:  ON  SUSPEND AFTER: ___ INACTIVE DAYS
PSWD CHNGD:  ,GOOD FOR ___ DAYS  AUTHORIZED HOURS: __ __ TO __ __
....................AUTHORIZATION LEVELS BY APPLICATION........................
  Empl(01): _
  SPLR(48): _  SEC.(49): _  PROG(50): _
```
Figure 12 -- Operator Security Information Screen
# Terminal Profile
## DVCxxx Functions
Now let us look at the definition for a terminal in the MAGEC security system.
```
DO THIS:
Enter the command: DVCSEE *  -- press ENTER.
```
The definition for your terminal will be displayed. The asterisk is interpreted as meaning "this terminal", as a convenience for you. MAGEC will substitute your terminal ID for the asterisk. You could have entered the command:
DVCSEE xxxx
where xxxx is any valid terminal ID, your own or anyone else's. The specified terminal's profile would be shown.
The profile for a terminal is similar to the profile for an operator. When an operator logs on to a terminal, MAGEC compares the authorization levels for the terminal and the operator (in each individual category) and applies the more restrictive of the two. This means that an operator's authorization at one terminal may be lower than at another. If any of his/her authorizations have been reduced, a message will warn him/her at log on time. The reduction applies only to this session; it does not alter the operator's profile.
An exception to this automatic authorization reduction is when a *central security officer* logs on. MAGEC automatically gives central security officers full access to all functions from all terminals. This is necessary in order to rescue *local security officers* who have somehow locked themselves out of the system or otherwise woven a tangled web from which they cannot escape. Needless to say, there should be only a few select individuals with central security officer authorization.
**Location** is the 3-character (no wildcards here) designation for the location of this terminal. Location codes are defined by you in MAGEC Table number 252. You can refer to the "Database Administration" chapter for explanations on how to update MAGEC Tables.
**Buf Size** is the size of the terminal's buffer (normally 1,920). It is used by the Spooler, not by the Security system.
**Type** is the terminal device type, i.e. 3278, 3279, etc. **L/R** is the line connection type: Local, Remote, Dialup, or logical Unit (the uppercase letter is the one-character abbreviation you can enter). **7-Color** is a Y or N indicator to specify whether this terminal has 7-color support. **Form** is the 4-character designation for the type of paper mounted in this device, if it is a printer, not a CRT. **Active Report** also applies only to printers. These fields are not used for Security, but for other MAGEC subsystems.
**Desc** is a 30-character free-form text field, a brief description for this terminal.
**Status** indicates whether this terminal is in service or not; valid values are Available or Disabled (the uppercase letter may be used as an abbreviation when entering).
```
 DVCSEE PC01
  M A G E C DEVICE DEFINITION (CRT/PRINTER)
 ID= PC01  Home Gateway: ................
 Location: SYS ( COMPUTER ROOM (SYSTEM PRINTERS)  ) Buf Size: 1,920
 Type: 3279  L/R: LOCAL  7-Color (Y/N) : N  --TEST--  --PROD--
 Desc: MAGEC Software - AT Portable  87654321  87654321
 Status AVAILABLE  Form:  User Views: YYYYYYYY  YYYYYYYY
 Active Report  Time Out: 999 min.
Print Classes: A  SMTWTFSH
  Authorized Hours : 00 00 to 24 00 Days: YYYYYYYY
...............MAXIMUM AUTHORIZATION LEVELS BY APPLICATION......................
  Empl(01) : 0
  SPLR(48): 9  SEC.(49): 9  PROG(50): 9
Press PF4 for browse (LOC) screen 
 Press PF13 for Hardcopy
Press PF16 to Copy field to buffer  Press PF17 to Paste data from buffer
Press PF2 for field-level HELP
```
Figure 13 -- Device Definition Screen
**Print Classes** specifies the class (one character) to be assigned to reports generated from this terminal via the MAGEC Spooler.
**Authorized Hours** and **Authorization Levels by Application** are similar to those specifications for the operator.
If you wished to define another terminal to the MAGEC dictionary you would use the DVCADD command as:
DVCADD tttt
where tttt is a valid terminal ID.
**NOTE:**
Since terminal-level security is optional in MAGEC, it is not necessary to define your terminals to the dictionary. If a terminal is not defined, MAGEC assumes that it has unlimited access (subject, of course, to the operator's authorizations). It *is* necessary to define terminals in order to take advantage of some Spooler functions or 7-Color extended attribute support, however.
**Home Gateway** is the Gateway name of this computer as defined on MAGEC Lookup Table #248. This entry must be a valid name, as defined on the table, or it must be left blank. An entry in this field is needed only if this computer is used as a Host and also as a Client machine using MAGEC's intrinsic TCP/IP networking facility. The purpose for this entry is to tell MAGEC's I/O module that any Data Classes which are defined as being at this Gateway name are actually local to this machine. This machine, it is assumed, also serves as a Host so that other machines (Clients) can access Data Classes which are local to this machine.
If this machine never serves as a Host, then it is not necessary for it to be defined to Table #248 and it is correct to leave this Home Gateway specification blank.
```
 DVCADD tttt  Enter data to be ADDED
  M A G E C DEVICE DEFINITION (CRT/PRINTER)
 ID= TTTT  Home Gateway: ................
 Location: ___ (  ) Buf Size: ______
 Type: ____  L/R: ______ 7-Color (Y/N) : _  --TEST--  --PROD--
 Desc: ____________________________  87654321  87654321
 Status _________  Form: ____  User Views: ________  ________
 Active Report  Time Out: ___ min.
 Print Classes: _________________________________________  SMTWTFSH
  Authorized Hours : __ __ to __ __ Days: ________
...............MAXIMUM AUTHORIZATION LEVELS BY APPLICATION......................
  Empl(01) : 9
  SPLR(48): 9  SEC.(49): 9  PROG(50): 9
```
Figure 14 -- Device Definition Screen
# Review
## What You Have Learned
As you can readily see, the security authorization profiles for operators and terminals combine to form the authorizations for any given session. The authorizations consist primarily of one-digit codes where 0 is the lowest possible and 9 is the highest, for each of up to 50 logical applications.
You can define the logical applications via the MAGEC dictionary. Every function code must belong to one logical application; it may not belong to more than one. The various functions handled by a given MMP (program) may, however, each belong to a different logical application from one another.
As the operator attempts to do any given function, MAGEC compares his/her authorization (for the logical application to which that function belongs) against the authorization level required to do that function. If the operator is not authorized, MAGEC never even invokes the application program; instead, a message is sent telling him/her "Unauthorized".
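The session rules described in this section (the more restrictive of operator and terminal level per application, no limit from an undefined terminal, full access for a central security officer, and the check made before a function is invoked) are sketched below. This is an added illustration, not MAGEC code: the operator profile, the required levels, the function code SPLTST, the `>=` comparison and the level-9 model of "full access" are assumptions, while the PC01 levels are those shown in Figure 13.

```python
"""Added illustration of the session-authorization rule; not MAGEC code."""
MAX_LEVEL = 9                 # levels are single digits: 0 lowest, 9 highest
APPLICATIONS = range(1, 51)   # up to 50 logical applications

def session_levels(operator, terminal=None, central_officer=False):
    """Return (effective, reduced): per-application levels for this session
    and the applications where the terminal lowered the operator's level."""
    if central_officer:
        # Assumption: "full access" is modelled as level 9 everywhere.
        return {app: MAX_LEVEL for app in APPLICATIONS}, []
    if terminal is None:
        # Terminal not defined to the dictionary: no terminal-side limit.
        return dict(operator), []
    effective, reduced = {}, []
    for app, op_level in operator.items():
        # Assumption: an application absent from the terminal profile is 0.
        level = min(op_level, terminal.get(app, 0))
        effective[app] = level
        if level < op_level:
            reduced.append(app)   # this is what the log-on warning reports
    return effective, sorted(reduced)

def check_function(func, functions, effective):
    """Gate a function code before any application program is invoked.
    Assumption: authorized means session level >= required level."""
    app, required = functions[func]
    return "OK" if effective.get(app, 0) >= required else "Unauthorized"

# Terminal PC01 maximum levels, as shown in Figure 13.
PC01 = {1: 0, 48: 9, 49: 9, 50: 9}
# Constructed operator profile and function definitions (not from the page):
# function code -> (logical application, required level). SPLTST is hypothetical.
OPERATOR = {1: 5, 48: 3, 49: 0, 50: 9}
FUNCTIONS = {"VACADD": (1, 3), "SPLTST": (48, 2)}

if __name__ == "__main__":
    levels, reduced = session_levels(OPERATOR, PC01)
    print("session levels:", levels, "reduced in:", reduced)
    for code in FUNCTIONS:
        print(code, check_function(code, FUNCTIONS, levels))
```

The same operator is refused VACADD at PC01 but allowed it from a terminal that is not defined to the dictionary, which is why leaving terminals undefined removes the terminal-side control entirely.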
MAGEC's menu system is driven by the dictionary security parameters and definitions. It can never be out of "sync" with security. It requires no coding, no maintenance, and no unnecessary overhead. Operators who do not desire a menu simply do not request one; they can "fast path" directly to any function/screen for which they are authorized. In order to retain the advantages of a fully dictionary-driven system without the usual I/O overhead involved with such an architecture, MAGEC loads the active security and data definition specifications into main memory. You can (if you are authorized to do so) tell MAGEC to re-load the data at any time in order to make recent changes effective immediately.
The security system helps control separation of test and production environments. This enables you, in one MAGEC system, to conduct production work, development, and testing (prototyping) without interfering with one another.
## Other Interesting Functions
There are several query functions which are useful to a security officer on a day-to-day basis. Refer to the "Security" section of the *Programmer's Reference Guide* for more details.
WHOMAY xxxxxx
(where xxxxxx is a valid function code)
WHODID xxxxxx
(where xxxxxx is a valid function code)
WHOSON )
OPRACT nnnnnnnnn
(where nnnnnnnnn is an employee#)
MALLOC 1
There are also "global change" functions for security profiles and definitions. They ask you for selection criteria to select which items are to be changed and to specify which parameters are to be changed and to what values within the selected items. The functions are:
SIFGBL
DVCGBL
FCDGBL
# Appendix A -- Starting Fresh
## On a PC
If you are doing the tutorial projects on a PC or PS/2, rather than on a mainframe computer, you have the advantage of being the only user of the system. In such an environment, the simplest way to ensure that you are starting fresh is to re-install MAGEC from the initial installation diskettes before beginning the tutorials. You should do this only if you are running MAGEC from your local disk, not from a shared network server, unless you coordinate your actions with the other users of MAGEC on your network. You can also do the procedure described below for mainframe users, if you prefer.
## On a Mainframe
Because it is most likely that you will interfere with other users on your multi-user mainframe system, we suggest strongly that you try to do these tutorials on a PC instead. If, however, you must (or prefer to) do them on the mainframe, you should be especially careful to coordinate your activities with any other users.
At the time MAGEC is initially installed, and periodically thereafter, we strongly recommend(ed) that you back up and reorganize your MAGEC dictionary using the IDCAMS (or AMSERV) REPRO facility. If you have done (been doing) that, you can restore the FCDK1, SIFK1, and LAPK1 VSAM files to un-do the dictionary changes made in this (and the other) tutorials. This process must be done with careful consideration as to how it might affect other work which is being done at the same time. It is necessary to close the MAGEC dictionary files to your TP Monitor (CICS, Westi, etc.) while you are restoring them; therefore, MAGEC would be inactive during the process.
## Manually
You could, in any environment, un-do the changes made in this tutorial by manually deleting and updating the affected dictionary records, i.e.:
LAPDEL 01
(LAP 01 definition is displayed)
 
(LAP 01 definition deleted)
FCDCHG VACADD
(FCD definition for VACADD displayed)
 
key changes to set all parameters to original
  values as shown in Figure 06 in this section
 
 
repeat above for all other VAC functions
SIFDEL 123456789
(where 123456789 is your test ID)
 
(your ID is deleted)
# Appendix B -- Security Data Classes
## SIF
The SIF data class is the Security Information File for operator profiles. Online maintenance is done to it via the SIFxxx functions. A batch index of operators can be produced using the MAGECLBR utility program with a control card of:
-MAGECIDX SIF
## DVC
The DVC data class holds the Device profiles. Online maintenance is done via the DVCxxx functions.
## FCD
The FCD data class holds the definitions of every online Function Code. Online maintenance is done to it via the FCDxxx functions. An index listing can be produced using MAGECLBR with a control card of:
-MAGECIDX FCD